Aireforge Guard (Beta)
This feature is currently in Beta. Functionality and performance may change before the final release.
Aireforge Guard is a database firewall that allows administrators to control access and monitor database connections based on customizable policies. Guard works by defining rules to whitelist, blacklist, or graylist specific login attempts, applications, or source addresses.
Getting Started
Installing Guard
- Install Guard: Guard can be installed from the Policies tab in Aireforge Studio.
- Activate Guard: Once installed, activate Guard by enabling it for specific servers.
Note: Guard requires configuration on each server, including setting up policies and ensuring required permissions.
Policies
A Guard policy is a collection of rules that define how login attempts are handled. Each policy consists of three lists:
- Whitelist: Permits access.
- Graylist: Audits but allows access.
- Blacklist: Denies access and audits the attempt.
Creating and Managing Policies
- Go to Guard in the main menu and click New Policy.
- Define the policy rules using the Policy Editor.
- You can specify conditions such as:
- Login Name
- Application Name
- Source Address
- Time of Day
- Day of Week
- You can specify conditions such as:
- Set the result for each rule (Whitelist, Graylist, or Blacklist).
Example Policy
Here�s an example of a "Logging Only" policy:
- Whitelist: Disabled
- Graylist: Enabled
- Blacklist: Disabled
This policy audits all connections without blocking any. It is useful for monitoring without restricting access.
Rules
Rules are the building blocks of a policy. You can specify several conditions to match login attempts, including:
- Login Name: Match specific database login names.
- Application Name: Match the application connecting to the database.
- Source Address: Match the IP address or hostname of the client.
- Time and Day: Restrict logins based on time or day.
Each rule defines whether to block, audit, or permit the connection.
Rule Example
- Rule 1: Block all connections from a specific IP address outside of business hours.
Activation States
Guard can be in one of several states:
- Active: Guard is running and enforcing policies.
- Disabled: Guard is installed but not active.
- Not Set Up: Guard has not been configured on this server.
- Pending: Guard is in the process of checking or updating status.
- Error: There was an issue with Guard on the server.
Tip: You can check the status of Guard by viewing the Server Status in the Guard tab.
Audit Log
Guard provides detailed logging of connection attempts, including those blocked, permitted, or audited. The logs can be viewed and filtered in the Audit Log tab.
Logs include:
- Login Name
- Application Name
- Source Address
- Connection Time
- Policy Action (Blocked, Permitted, Audited)
Deactivating Guard
To temporarily disable Guard:
- Open the Guard tab.
- Select the server(s) to disable Guard.
- Click Disable.
Known Issues
- In this Beta version, some features may be incomplete or may not work as expected.